36 matches found
CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information...
CVE-2023-29154
CVE-2023-29154 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The vulnerability is an SQL injection that allows a user with administrative privileges to execute arbitrary SQL commands through specially crafted input on the query setting page. Several sources (including CVE list...
CVE-2023-28399
The CVE-2023-28399 issue affects CONPROSYS HMI System (CHS) before version 3.5.3. The root cause is an incorrect ACL permissions setup on the local installation folder, granting a wide range of privileges to a PC user. Impact, as described in the sources, includes potential destruction of the sys...
CVE-2023-28824
CVE-2023-28824 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The issue is a server-side request forgery (SSRF) vulnerability where an administrator can bypass the query-setting database restrictions and connect to a user-unintended database. Root cause details in connected doc...
CVE-2023-28651
CONPROSYS HMI System (CHS)
CVE-2023-28713
The CVE-2023-28713 entry concerns CONPROSYS HMI System (CHS) prior to version 3.5.3, where account information for the database is stored in plaintext in a local file. This allows someone with access to the host PC to obtain sensitive data and potentially modify database contents. The vulnerabili...
Contec CONPROSYS HMI System (CHS) Detection
Binary data contecchsdetect.nbin...
chs-consulting.eu Cross Site Scripting vulnerability OBB-3207183
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GoAnywhere zero-day opened door to Clop ransomware
A semi-active ransomware group has claimed it is behind a string of attacks which have taken advantage of a zero-day vulnerability in GoAnywhere MFT. The Russian-linked Clop ransomware group says it was able to remotely attack private systems using exposed GoAnywhere MFT administration consoles...
CVE-2023-22324
CVE-2023-22324 affects CONPROSYS HMI System (CHS) versions 3.5.0 and earlier. The vulnerability is an SQL injection in CHS that allows a remote authenticated attacker to execute arbitrary SQL commands, potentially exposing information stored in the database. The available connected sources descri...
CVE-2023-22373
CVE-2023-22373 affects CONPROSYS HMI System (CHS) up to version 3.4.5. The vulnerability is a Cross-site Scripting (CWE-79) in the web interface used by the administrative user, allowing a remote authenticated attacker to inject arbitrary scripts and potentially obtain sensitive information. Vend...
CVE-2023-22339
CONPROSYS HMI System (CHS) by Contec is affected by CVE-2023-22339 due to improper access control in 3.4.5 and earlier. This vulnerability could let a remote unauthenticated attacker bypass access restrictions and obtain the server certificate, including the private key. Affected versions: 3.4.5 ...
CVE-2023-22331
CVE-2023-22331 affects CONPROSYS HMI System (CHS) by a default-credentials vulnerability in versions 3.4.5 and earlier, allowing a remote unauthenticated attacker to alter user credentials information. The issue arises from use of default credentials (CWE-1392) in CHS, with a CVSS v3 base score o...
PT-2023-7703 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.5 and earlier Description: The issue is related to the use of a password hash instead of the password for authentication, allowing a remote authenticated attacker to obtain user credentials information vi...
CVE-2022-44456
CONTEC CONPROSYS HMI System (CHS) versions 3.4.4 and earlier are affected by CVE-2022-44456, an OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary OS commands on the server by sending a specially crafted request. Reported impact is remote code ex...
chs-savoie.fr Improper Access Control vulnerability OBB-1495157
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
chs-shc.gc.ca Cross Site Scripting vulnerability OBB-1313280
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
chs-savoie.fr XSS vulnerability
Open Bug Bounty ID: OBB-568005. Affected Website: chs-savoie.fr. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
chattooga.chs.schoolfusion.us XSS vulnerability
Open Bug Bounty ID: OBB-227919. Affected Website: chattooga.chs.schoolfusion.us. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
wpmediaholder-sql.txt
WordPress Media Holder id Sql injection vulnerability! Author: boom3rang Greetz: H!tM@N - KHG ...